CertCentral Services API: Improved Order info API response

Update: To give API consumers more time to evaluate the impact of the Order info API response changes on their integrations, we are postponing this update until May 31, 2022. We originally planned to release the changes described below on April 25, 2022.

On May 31, 2022, DigiCert will make the following improvements to the Order info API. These changes remove unused values and update the data structure of the order details object to be more consistent for orders in different states across product types.

For more information and response examples for public TLS, code signing, document signing, and Class 1 S/MIME certificates, see the reference documentation for the Order info endpoint.

If you have questions or need help with these changes, contact your account representative or DigiCert Support.

Need to test your API integration?

To help CertCentral Services API consumers evaluate the impact of these changes, DigiCert is providing a beta server for API consumers to test their integrations prior to the May 31, 2022 release. To learn more, see our knowledge base article: DigiCert CertCentral Services API beta server.

General enhancements

The following changes apply to orders for various certificate types irrespective of order status.

Removed parameters:

• public_id (string)
  For all orders, the API will stop returning the public_id parameter. DigiCert no longer supports the Express Install workflow that required a public_id value.
• certificate.ca_cert_id (string)
  For DV certificate orders, the API will stop returning the ca_cert_id parameter. The value of this parameter is an internal ID for the issuing ICA certificate and cannot be used externally. The API already excludes the ca_cert_id parameter from the order details for other product types.
  
  To get the name and public ID of the issuing ICA certificate associated with the order, use the ca_cert object instead.
• verified_contacts (array of objects)
  For document signing certificate orders, the API will stop returning the verified_contacts array. The API already excludes the verified_contacts array from the order details for other product types.
• certificate.dns_names (array of strings)
  If there are no DNS names associated with the order (for example, if the order is for a code signing, document signing, or Class 1 S/MIME certificate), the API will stop returning the dns_names array.
  
  Before, the API returned a dns_names array with an empty string: [" "]
• certificate.organization_units (array of strings)
  If there are no organization units associated with the order, the API will stop returning an organization_units array.
  
  Before, for some product types, the API returned an organization_units array with an empty string: [" "]
• certificate.cert_validity
  In the cert_validity object, the API will only return a key/value pair for the unit used to set the certificate validity period when the order was created. For example, if the validity period of the certificate is for 1 year, the cert_validity object will return a years parameter with a value of 1.
  
  Before, the cert_validity object sometimes returned values for both days and years.

Added parameters:

• order_validity (object)
  For code signing, document signing, and client certificate orders, the API will start returning an order_validity object.
  
  The order_validity object returns the days, years, or custom_expiration_date for the order validity period. The API already includes an order_validity object in the order details for public SSL/TLS products.
• payment_profile (object)
  For DV certificate orders, if the order is associated with a saved credit card, the API will start returning a payment_profile object. The API already includes a payment_profile object in the order details for other product types.
• server_licenses
For DV certificate orders, the API will start returning the server_licenses parameter. The API already includes the server_licenses parameter in the order details for other product types.

Unapproved order requests

The following changes apply only to certificate order requests that are pending approval or that have been rejected. These changes bring the data structure of the response closer to what the API returns after the request is approved and the order is submitted to DigiCert for validation and issuance.

To manage unapproved and rejected requests, we recommend using the Request endpoints (/request) instead of retrieving the order details. We designed the /request endpoints to manage pending and rejected certificate order requests, and these endpoints remain unchanged.

Note: For quicker certificate issuance, we recommend using a workflow that skips or omits the request approval step for new certificate orders. If your API workflow already skips or omits the approval step, you can safely ignore the changes below. Learn more about removing the approval step:

• Best practices – Always include skip_approval parameter
• Remove the approval step from the certificate order process

Added parameters:

• disable_ct (boolean)
• allow_duplicates (boolean)
• cs_provisioning_method (string)

Removed parameters:

• server_licenses (integer)
  For unapproved order requests, the API will stop returning the server_licenses parameter. The API will continue including the server_licenses parameter in order details for approved order requests.

Improved organization object
To provide a consistent data structure in the order details for unapproved and approved order requests, the API will return a modified organization object on unapproved order requests for some product types.

The API will stop returning the following unexpected properties on unapproved order requests for all product types:

• organization.status (string)
• organization.is_hidden (boolean)
• organization.organization_contact (object)
• organization.technical_contact (object)
• organization.contacts (array of objects)

The API will start returning the following expected properties, if existing, on unapproved order requests for all product types:

• organization.name (string)
• organization.display_name (string)
• organization.assumed_name (string)
• organization.city (string)
• organization.country (string)

To get organization details not included in the Order info response, use the Organization info API endpoint.